[  233.863479][ T3729] ==================================================================
[  233.863742][ T3729] BUG: KASAN: slab-out-of-bounds in snapshot_page+0x2a7/0x510
[  233.863950][ T3729] Read of size 128 at addr ff1100001dfaa240 by task ncdevmem/3729
[  233.864116][ T3729] 
[  233.864179][ T3729] CPU: 1 UID: 0 PID: 3729 Comm: ncdevmem Not tainted 7.1.0-rc1-virtme #1 PREEMPT(full) 
[  233.864182][ T3729] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[  233.864188][ T3729] Call Trace:
[  233.864189][ T3729]  <TASK>
[  233.864191][ T3729]  dump_stack_lvl+0x6f/0xa0
[  233.864196][ T3729]  print_address_description.constprop.0+0x56/0x2d0
[  233.864201][ T3729]  print_report+0xfc/0x1fa
[  233.864203][ T3729]  ? __virt_addr_valid+0x102/0x440
[  233.864207][ T3729]  ? __virt_addr_valid+0x1da/0x440
[  233.864209][ T3729]  kasan_report+0x108/0x130
[  233.864212][ T3729]  ? snapshot_page+0x2a7/0x510
[  233.864214][ T3729]  ? snapshot_page+0x2a7/0x510
[  233.864216][ T3729]  kasan_check_range+0x130/0x200
[  233.864218][ T3729]  __asan_memcpy+0x23/0x60
[  233.864221][ T3729]  snapshot_page+0x2a7/0x510
[  233.864222][ T3729]  ? fourcc_string+0xb97/0xc40
[  233.864226][ T3729]  __dump_page+0x8a/0x100
[  233.864228][ T3729]  ? __dump_folio+0x4d0/0x4d0
[  233.864233][ T3729]  ? net_devmem_alloc_dmabuf+0x199/0x270
[  233.864237][ T3729]  dump_page+0x3a/0x60
[  233.864239][ T3729]  page_pool_set_pp_info+0x185/0x1e0
[  233.864242][ T3729]  mp_dmabuf_devmem_alloc_netmems+0x5d/0x2a0
[  233.864244][ T3729]  ? page_pool_alloc_netmems+0x10a/0x1d0
[  233.864246][ T3729]  fbnic_fill_bdq+0x238/0x400
[  233.864251][ T3729]  __fbnic_nv_restart+0x145/0x440
[  233.864253][ T3729]  fbnic_queue_start+0x183/0x260
[  233.864255][ T3729]  netdev_rx_queue_reconfig+0x322/0x580
[  233.864258][ T3729]  __netif_mp_open_rxq+0x3be/0x600
[  233.864260][ T3729]  ? netdev_rx_queue_restart+0xb0/0xb0
[  233.864262][ T3729]  ? do_raw_spin_unlock+0x59/0x250
[  233.864266][ T3729]  net_devmem_bind_dmabuf_to_queue+0xad/0x200
[  233.864267][ T3729]  ? net_devmem_unbind_dmabuf+0x470/0x470
[  233.864270][ T3729]  netdev_nl_bind_rx_doit+0x82e/0xff0
[  233.864274][ T3729]  ? netdev_nl_qstats_get_dumpit+0x8e0/0x8e0
[  233.864276][ T3729]  ? __nla_parse+0x22/0x30
[  233.864280][ T3729]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x189/0x330
[  233.864283][ T3729]  genl_family_rcv_msg_doit+0x206/0x300
[  233.864285][ T3729]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x330/0x330
[  233.864287][ T3729]  ? rcu_is_watching+0x15/0xd0
[  233.864290][ T3729]  ? cap_capable+0x1d6/0x3e0
[  233.864294][ T3729]  genl_family_rcv_msg+0x3a4/0x640
[  233.864296][ T3729]  ? genl_family_rcv_msg_dumpit+0x340/0x340
[  233.864297][ T3729]  ? rcu_lockdep_current_cpu_online+0x39/0x1b0
[  233.864299][ T3729]  ? netdev_nl_qstats_get_dumpit+0x8e0/0x8e0
[  233.864301][ T3729]  ? __lock_acquire+0x508/0xc10
[  233.864304][ T3729]  genl_rcv_msg+0xbb/0x160
[  233.864305][ T3729]  netlink_rcv_skb+0x14e/0x3a0
[  233.864308][ T3729]  ? genl_family_rcv_msg+0x640/0x640
[  233.864310][ T3729]  ? netlink_ack+0xcd0/0xcd0
[  233.864313][ T3729]  ? netlink_deliver_tap+0xc5/0x330
[  233.864315][ T3729]  ? netlink_deliver_tap+0x13c/0x330
[  233.864317][ T3729]  genl_rcv+0x28/0x40
[  233.864318][ T3729]  netlink_unicast+0x47c/0x740
[  233.864321][ T3729]  ? netlink_attachskb+0x800/0x800
[  233.864323][ T3729]  ? lockdep_hardirqs_on+0x8c/0x130
[  233.864325][ T3729]  ? _raw_spin_unlock_irqrestore+0x40/0x80
[  233.864327][ T3729]  ? __wake_up+0x44/0x60
[  233.864331][ T3729]  netlink_sendmsg+0x735/0xc60
[  233.864333][ T3729]  ? netlink_unicast+0x740/0x740
[  233.864336][ T3729]  ? lock_acquire.part.0+0xbc/0x260
[  233.864337][ T3729]  ? __might_fault+0x97/0x140
[  233.864340][ T3729]  __sys_sendto+0x2c9/0x400
[  233.864344][ T3729]  ? __ia32_sys_getpeername+0xd0/0xd0
[  233.864345][ T3729]  ? __might_fault+0x97/0x140
[  233.864348][ T3729]  ? __ia32_sys_connect+0xd0/0xd0
[  233.864349][ T3729]  ? __sys_bind+0x191/0x260
[  233.864353][ T3729]  __x64_sys_sendto+0xe4/0x1f0
[  233.864354][ T3729]  ? trace_irq_enable.constprop.0+0x9b/0x180
[  233.864357][ T3729]  ? lockdep_hardirqs_on+0x8c/0x130
[  233.864359][ T3729]  ? do_syscall_64+0x82/0xfc0
[  233.864361][ T3729]  do_syscall_64+0x117/0xfc0
[  233.864362][ T3729]  ? trace_hardirqs_off+0xd/0x30
[  233.864364][ T3729]  ? exc_page_fault+0xee/0x100
[  233.864365][ T3729]  entry_SYSCALL_64_after_hwframe+0x4b/0x53
[  233.864368][ T3729] RIP: 0033:0x7f143a2eb0ee
[  233.864371][ T3729] Code: 4d 89 d8 e8 94 bd 00 00 4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 <c9> c3 83 e2 39 83 fa 08 75 e7 e8 03 ff ff ff 0f 1f 00 f3 0f 1e fa
[  233.864373][ T3729] RSP: 002b:00007ffff8ea74a0 EFLAGS: 00000202 ORIG_RAX: 000000000000002c
[  233.864377][ T3729] RAX: ffffffffffffffda RBX: 00007ffff8ea7510 RCX: 00007f143a2eb0ee
[  233.864378][ T3729] RDX: 0000000000000038 RSI: 0000000035dfb988 RDI: 0000000000000006
[  233.864379][ T3729] RBP: 00007ffff8ea74b0 R08: 0000000000000000 R09: 0000000000000000
[  233.864380][ T3729] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000035dfb988
[  233.864381][ T3729] R13: 0000000035dfb720 R14: 00007f143a4bc000 R15: 000000000042ee00
[  233.864383][ T3729]  </TASK>
[  233.864384][ T3729] 
[  233.873066][ T3729] Allocated by task 3729:
[  233.873144][ T3729]  kasan_save_stack+0x2f/0x50
[  233.873243][ T3729]  kasan_save_track+0x14/0x30
[  233.873338][ T3729]  __kasan_kmalloc+0x7b/0x90
[  233.873439][ T3729]  __kvmalloc_node_noprof+0x2e8/0x8a0
[  233.873536][ T3729]  net_devmem_bind_dmabuf+0x60e/0x1260
[  233.873631][ T3729]  netdev_nl_bind_rx_doit+0x7ae/0xff0
[  233.873726][ T3729]  genl_family_rcv_msg_doit+0x206/0x300
[  233.873820][ T3729]  genl_family_rcv_msg+0x3a4/0x640
[  233.873917][ T3729]  genl_rcv_msg+0xbb/0x160
[  233.874018][ T3729]  netlink_rcv_skb+0x14e/0x3a0
[  233.874113][ T3729]  genl_rcv+0x28/0x40
[  233.874185][ T3729]  netlink_unicast+0x47c/0x740
[  233.874282][ T3729]  netlink_sendmsg+0x735/0xc60
[  233.874376][ T3729]  __sys_sendto+0x2c9/0x400
[  233.874471][ T3729]  __x64_sys_sendto+0xe4/0x1f0
[  233.874566][ T3729]  do_syscall_64+0x117/0xfc0
[  233.874667][ T3729]  entry_SYSCALL_64_after_hwframe+0x4b/0x53
[  233.874784][ T3729] 
[  233.874833][ T3729] The buggy address belongs to the object at ff1100001dfaa240
[  233.874833][ T3729]  which belongs to the cache kmalloc-64 of size 64
[  233.875073][ T3729] The buggy address is located 0 bytes inside of
[  233.875073][ T3729]  allocated 64-byte region [ff1100001dfaa240, ff1100001dfaa280)
[  233.875315][ T3729] 
[  233.875365][ T3729] The buggy address belongs to the physical page:
[  233.875484][ T3729] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff1100001dfaa440 pfn:0x1dfaa
[  233.875678][ T3729] flags: 0x80000000000200(workingset|node=0|zone=1)
[  233.875801][ T3729] page_type: f5(slab)
[  233.875888][ T3729] raw: 0080000000000200 ff1100000103cac0 ff11000001032948 ff11000001032948
[  233.876060][ T3729] raw: ff1100001dfaa440 0000000000100004 00000000f5000000 0000000000000000
[  233.876229][ T3729] page dumped because: kasan: bad access detected
[  233.876347][ T3729] 
[  233.876397][ T3729] Memory state around the buggy address:
[  233.876493][ T3729]  ff1100001dfaa180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  233.876643][ T3729]  ff1100001dfaa200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[  233.876783][ T3729] >ff1100001dfaa280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  233.876925][ T3729]                    ^
[  233.876996][ T3729]  ff1100001dfaa300: fc fc fc fc fc fc fc fc 00 00 00 00 00 fc fc fc
[  233.877140][ T3729]  ff1100001dfaa380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  233.877278][ T3729] ==================================================================
[  233.877433][ T3729] Disabling lock debugging due to kernel taint
[  233.877553][ T3729] page: refcount:0 mapcount:1802201964 mapping:0000000000000000 index:0x0 pfn:0xfffcf4000077ea89
[  233.877730][ T3729] flags: 0x0(node=0|zone=0)
[  233.877826][ T3729] raw: 6b6b6b6b6b6b6b6b 0000000000000000 ff110000055fe800 6b6b6b6b6b6b6b6b
[  233.877986][ T3729] raw: 000000001bd9e000 0000000000000000 000000006b6b6b6b ff1100001dfaa140
[  233.878140][ T3729] page dumped because: VM_BUG_ON_PAGE(({ __kcsan_disable_current(); ; __auto_type __v = (page->page_type); ; __kcsan_enable_current(); __v; }) != (~0U))
[  233.878409][ T3729] ------------[ cut here ]------------
[  233.878501][ T3729] kernel BUG at ./include/linux/page-flags.h:1062!
[  233.878620][ T3729] Oops: invalid opcode: 0000 [#1] SMP KASAN
[  233.878740][ T3729] CPU: 1 UID: 0 PID: 3729 Comm: ncdevmem Tainted: G    B               7.1.0-rc1-virtme #1 PREEMPT(full) 
[  233.878925][ T3729] Tainted: [B]=BAD_PAGE
[  233.879003][ T3729] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
[  233.879211][ T3729] RIP: 0010:page_pool_set_pp_info+0x186/0x1e0
[  233.879329][ T3729] Code: 80 3c 11 00 0f 84 12 ff ff ff 89 04 24 e8 12 de a0 fe 8b 04 24 e9 02 ff ff ff 48 c7 c6 60 98 6d b8 48 89 df e8 6b d0 89 fe 90 <0f> 0b e8 f3 dc a0 fe e9 58 ff ff ff e8 29 dd a0 fe e9 a9 fe ff ff
[  233.879654][ T3729] RSP: 0018:ffa000000ad6f368 EFLAGS: 00010286
[  233.879770][ T3729] RAX: 0000000000000096 RBX: ff1100001dfaa240 RCX: 0000000000000000
[  233.879913][ T3729] RDX: 0000000000000096 RSI: 1ffffffff77d7b44 RDI: fff3fc00015ade58
[  233.880048][ T3729] RBP: ff110000055fe800 R08: ffffffffb59bf47a R09: 1ffffffff727ea44
[  233.880192][ T3729] R10: 0000000000000003 R11: fffffbfff727ea45 R12: ff1100001dfaa241
[  233.880330][ T3729] R13: 000000000000006b R14: 0000000000000002 R15: 0000000000000000
[  233.880466][ T3729] FS:  00007f143a278740(0000) GS:ff110000aa546000(0000) knlGS:0000000000000000
[  233.880625][ T3729] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  233.880742][ T3729] CR2: 0000000000431dc0 CR3: 0000000018deb004 CR4: 0000000000771ef0
[  233.880891][ T3729] PKRU: 55555554
[  233.880960][ T3729] Call Trace:
[  233.881028][ T3729]  <TASK>
[  233.881077][ T3729]  mp_dmabuf_devmem_alloc_netmems+0x5d/0x2a0
[  233.881191][ T3729]  ? page_pool_alloc_netmems+0x10a/0x1d0
[  233.881284][ T3729]  fbnic_fill_bdq+0x238/0x400
[  233.881375][ T3729]  __fbnic_nv_restart+0x145/0x440
[  233.881472][ T3729]  fbnic_queue_start+0x183/0x260
[  233.881562][ T3729]  netdev_rx_queue_reconfig+0x322/0x580
[  233.881652][ T3729]  __netif_mp_open_rxq+0x3be/0x600
[  233.881742][ T3729]  ? netdev_rx_queue_restart+0xb0/0xb0
[  233.881834][ T3729]  ? do_raw_spin_unlock+0x59/0x250
[  233.881930][ T3729]  net_devmem_bind_dmabuf_to_queue+0xad/0x200
[  233.882047][ T3729]  ? net_devmem_unbind_dmabuf+0x470/0x470
[  233.882137][ T3729]  netdev_nl_bind_rx_doit+0x82e/0xff0
[  233.882230][ T3729]  ? netdev_nl_qstats_get_dumpit+0x8e0/0x8e0
[  233.882342][ T3729]  ? __nla_parse+0x22/0x30
[  233.882433][ T3729]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x189/0x330
[  233.882544][ T3729]  genl_family_rcv_msg_doit+0x206/0x300
[  233.882639][ T3729]  ? genl_family_rcv_msg_attrs_parse.isra.0+0x330/0x330
[  233.882752][ T3729]  ? rcu_is_watching+0x15/0xd0
[  233.882846][ T3729]  ? cap_capable+0x1d6/0x3e0
[  233.882938][ T3729]  genl_family_rcv_msg+0x3a4/0x640
[  233.883028][ T3729]  ? genl_family_rcv_msg_dumpit+0x340/0x340
[  233.883141][ T3729]  ? rcu_lockdep_current_cpu_online+0x39/0x1b0
[  233.883258][ T3729]  ? netdev_nl_qstats_get_dumpit+0x8e0/0x8e0
[  233.883372][ T3729]  ? __lock_acquire+0x508/0xc10
[  233.883462][ T3729]  genl_rcv_msg+0xbb/0x160
[  233.883552][ T3729]  netlink_rcv_skb+0x14e/0x3a0
[  233.883643][ T3729]  ? genl_family_rcv_msg+0x640/0x640
[  233.883733][ T3729]  ? netlink_ack+0xcd0/0xcd0
[  233.883830][ T3729]  ? netlink_deliver_tap+0xc5/0x330
[  233.883926][ T3729]  ? netlink_deliver_tap+0x13c/0x330
[  233.884016][ T3729]  genl_rcv+0x28/0x40
[  233.884084][ T3729]  netlink_unicast+0x47c/0x740
[  233.884175][ T3729]  ? netlink_attachskb+0x800/0x800
[  233.884267][ T3729]  ? lockdep_hardirqs_on+0x8c/0x130
[  233.884358][ T3729]  ? _raw_spin_unlock_irqrestore+0x40/0x80
[  233.884475][ T3729]  ? __wake_up+0x44/0x60
[  233.884544][ T3729]  netlink_sendmsg+0x735/0xc60
[  233.884635][ T3729]  ? netlink_unicast+0x740/0x740
[  233.884727][ T3729]  ? lock_acquire.part.0+0xbc/0x260
[  233.884816][ T3729]  ? __might_fault+0x97/0x140
[  233.884911][ T3729]  __sys_sendto+0x2c9/0x400
[  233.885006][ T3729]  ? __ia32_sys_getpeername+0xd0/0xd0
[  233.885096][ T3729]  ? __might_fault+0x97/0x140
[  233.885187][ T3729]  ? __ia32_sys_connect+0xd0/0xd0
[  233.885279][ T3729]  ? __sys_bind+0x191/0x260
[  233.885372][ T3729]  __x64_sys_sendto+0xe4/0x1f0
[  233.885461][ T3729]  ? trace_irq_enable.constprop.0+0x9b/0x180
[  233.885578][ T3729]  ? lockdep_hardirqs_on+0x8c/0x130
[  233.885671][ T3729]  ? do_syscall_64+0x82/0xfc0
[  233.885761][ T3729]  do_syscall_64+0x117/0xfc0
[  233.885852][ T3729]  ? trace_hardirqs_off+0xd/0x30
[  233.885941][ T3729]  ? exc_page_fault+0xee/0x100
[  233.886029][ T3729]  entry_SYSCALL_64_after_hwframe+0x4b/0x53
[  233.886141][ T3729] RIP: 0033:0x7f143a2eb0ee
[  233.886240][ T3729] Code: 4d 89 d8 e8 94 bd 00 00 4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 <c9> c3 83 e2 39 83 fa 08 75 e7 e8 03 ff ff ff 0f 1f 00 f3 0f 1e fa
[  233.886558][ T3729] RSP: 002b:00007ffff8ea74a0 EFLAGS: 00000202 ORIG_RAX: 000000000000002c
[  233.886698][ T3729] RAX: ffffffffffffffda RBX: 00007ffff8ea7510 RCX: 00007f143a2eb0ee
[  233.886845][ T3729] RDX: 0000000000000038 RSI: 0000000035dfb988 RDI: 0000000000000006
[  233.886983][ T3729] RBP: 00007ffff8ea74b0 R08: 0000000000000000 R09: 0000000000000000
[  233.887123][ T3729] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000035dfb988
[  233.887259][ T3729] R13: 0000000035dfb720 R14: 00007f143a4bc000 R15: 000000000042ee00
[  233.887401][ T3729]  </TASK>
[  233.887470][ T3729] Modules linked in:
[  233.887555][ T3729] ---[ end trace 0000000000000000 ]---
[  233.887648][ T3729] RIP: 0010:page_pool_set_pp_info+0x186/0x1e0
[  233.887763][ T3729] Code: 80 3c 11 00 0f 84 12 ff ff ff 89 04 24 e8 12 de a0 fe 8b 04 24 e9 02 ff ff ff 48 c7 c6 60 98 6d b8 48 89 df e8 6b d0 89 fe 90 <0f> 0b e8 f3 dc a0 fe e9 58 ff ff ff e8 29 dd a0 fe e9 a9 fe ff ff
[  233.888085][ T3729] RSP: 0018:ffa000000ad6f368 EFLAGS: 00010286
[  233.888207][ T3729] RAX: 0000000000000096 RBX: ff1100001dfaa240 RCX: 0000000000000000
[  233.888343][ T3729] RDX: 0000000000000096 RSI: 1ffffffff77d7b44 RDI: fff3fc00015ade58
[  233.888479][ T3729] RBP: ff110000055fe800 R08: ffffffffb59bf47a R09: 1ffffffff727ea44
[  233.888623][ T3729] R10: 0000000000000003 R11: fffffbfff727ea45 R12: ff1100001dfaa241
[  233.888758][ T3729] R13: 000000000000006b R14: 0000000000000002 R15: 0000000000000000
[  233.888893][ T3729] FS:  00007f143a278740(0000) GS:ff110000aa546000(0000) knlGS:0000000000000000
[  233.889051][ T3729] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  233.889166][ T3729] CR2: 0000000000431dc0 CR3: 0000000018deb004 CR4: 0000000000771ef0
[  233.889316][ T3729] PKRU: 55555554
[  233.889385][ T3729] Kernel panic - not syncing: Fatal exception
[  233.889636][ T3729] Kernel Offset: 0x34200000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[  233.889852][ T3729] ---[ end Kernel panic - not syncing: Fatal exception ]---

WAIT TIMEOUT stderr

Ctrl-C stderr

Ctrl-C stderr

WAIT TIMEOUT stderr